Hi All,
I’m relatively new to Bro and would like input on whether there are exfiltration detection scripts out there other than these two:
https://github.com/sooshie/bro-scripts/blob/master/2.4-scripts/dns-bad_behavior.bro
https://github.com/reservoirlabs/bro-scripts/tree/master/exfil-detection-framework
Any others?
Additionally, when I try to run the first script, I get a split string error on this line:
local parts = split_string(key$str, /, /);
This is odd because my understanding is that the split_string function should be built-in and part of base/bif/strings.bif.bro, and it is a defined function as per here (https://www.bro.org/sphinx/scripts/base/bif/strings.bif.bro.html).
Any input on either of these questions would be appreciated. Thanks!
rhette
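For readers following this thread, here is an added example (not part of the original post, and not code from either of the linked repositories) showing split_string() as documented in strings.bif.bro used for a minimal DNS exfiltration heuristic. The module name, notice type, and the two length thresholds are illustrative assumptions; the split_string() signature (string, pattern) returning a string_vec is the one from the linked documentation, and it requires Bro 2.4 or later, where it replaced the older split() functions.

```zeek
##! Added example, not from the original post or the linked scripts.
##! Minimal DNS exfiltration heuristic built on split_string().
##! Thresholds and names below are assumptions chosen for illustration.

@load base/frameworks/notice
@load base/protocols/dns

module DNSExfilExample;

export {
    redef enum Notice::Type += {
        ## Raised when a query has labels that look like encoded data.
        Suspicious_Query,
    };

    ## Assumed threshold: a single label longer than this is suspicious.
    const max_label_len = 40 &redef;

    ## Assumed threshold: a whole query longer than this is suspicious.
    const max_query_len = 120 &redef;
}

## Returns T when the query exceeds max_query_len or any of its
## dot-separated labels exceeds max_label_len.
function looks_like_exfil(query: string): bool
    {
    if ( |query| > max_query_len )
        return T;

    # split_string() takes a pattern, so the dot must be escaped.
    # This is the 2.4+ API; split() was the pre-2.4 name.
    local labels = split_string(query, /\./);

    # Iterating a vector yields its indices, not its elements.
    for ( i in labels )
        {
        if ( |labels[i]| > max_label_len )
            return T;
        }

    return F;
    }

event dns_request(c: connection, msg: dns_msg, query: string, qtype: count, qclass: count)
    {
    if ( looks_like_exfil(query) )
        NOTICE([$note=Suspicious_Query,
                $msg=fmt("long DNS label(s) in query %s from %s", query, c$id$orig_h),
                $conn=c,
                $identifier=cat(c$id$orig_h, query)]);
    }
```

Loading this alongside a pcap (bro -r dns.pcap this-script.bro) will write Suspicious_Query entries to notice.log for queries that trip either threshold; tune max_label_len and max_query_len per environment, since CDN and anti-spam lookups legitimately produce long labels.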